Migrate to the GitLab Agent for Kubernetes

The first integration between GitLab and Kubernetes used cluster certificates to connect the cluster to GitLab. This method was deprecated in GitLab 14.5 in favor of the GitLab Agent for Kubernetes.

To make sure your clusters connected to GitLab do not break in the future, we recommend you migrate to the GitLab Agent as soon as possible by following the processes described in this document.

The certificate-based integration was used for some popular GitLab features such as, GitLab Managed Apps, GitLab-managed clusters, and Auto DevOps.

As a general rule, migrating clusters that rely on GitLab CI/CD can be achieved using the CI/CD Tunnel provided by the Agent.

note
The GitLab Agent for Kubernetes does not intend to provide feature parity with the certificate-based cluster integrations. As a result, the Agent doesn’t support all the features available to clusters connected through certificates.

Migrate cluster application deployments

Migrate from GitLab-managed clusters

With GitLab-managed clusters, GitLab creates separate service accounts and namespaces for every branch and deploys using these resources.

To achieve a similar result with the GitLab Agent, you can use impersonation strategies to deploy to your cluster with restricted account access. To do so:

  1. Choose the impersonation strategy that suits your needs.
  2. Use Kubernetes RBAC rules to manage impersonated account permissions in Kubernetes.
  3. Use the access_as attribute in your Agent’s configuration file to define the impersonation.

Migrate from Auto DevOps

To configure your Auto DevOps project to use the GitLab Agent:

  1. Follow the steps to install an agent on your cluster.
  2. Go to the project in which you use Auto DevOps.
  3. From the sidebar, select Settings > CI/CD and expand Variables.
  4. Select Add new variable.
  5. Add KUBE_CONTEXT as the key, path/to/agent/project:agent-name as the value, and select the environment scope of your choice.
  6. Select Add variable.
  7. Repeat the process to add another variable, KUBE_NAMESPACE, setting the value for the Kubernetes namespace you want your deployments to target, and set the same environment scope from the previous step.
  8. From the sidebar, select Infrastructure > Kubernetes clusters.
  9. From the certificate-based clusters section, open the cluster that serves the same environment scope.
  10. Select the Details tab and disable the cluster.
  11. To activate the changes, from the project’s sidebar, select CI/CD > Variables > Run pipeline.

Migrate generic deployments

When you use Kubernetes contexts to reach the cluster from GitLab, you can use the CI/CD Tunnel directly. It injects the available contexts into your CI environment automatically:

  1. Follow the steps to install an agent on your cluster.
  2. Go to the project in which you use Auto DevOps.
  3. From the sidebar, select Settings > CI/CD and expand Variables.
  4. Select Add new variable.
  5. Add KUBE_CONTEXT as the key, path/to/agent-configuration-project:your-agent-name as the value, and select the environment scope of your choice.
  6. Edit your .gitlab-ci.yml file and set the Kubernetes context to the KUBE_CONTEXT you defined in the previous step:

    <your job name>:
      script:
      - kubectl config use-context $KUBE_CONTEXT
    

Migrate from GitLab Managed Applications

Follow the process to migrate from GitLab Managed Apps to the Cluster Management Project.

Migrating a Cluster Management project

See how to use a cluster management project with the GitLab Agent.

Migrate cluster monitoring features

Cluster monitoring features are not supported by the GitLab Agent for Kubernetes yet.